Systems and Methods for Use in Computer Network Security
First Claim
1. A computer-implemented method for use in managing data across a network based on multiple keys assigned to different participants in association with the data, the method comprising:
- identifying, by an originating party, a relying party;
identifying data relevant to at least one interaction between the originating party and the relying party, the data including identifying data specific to the originating party;
encrypting, by a computing device, the data based on a secret;
generating, by a computing device, a key set based on the secret, the key set having at least three keys and structured such that the secret is derivable from at least two of the at least three keys;
disseminating, by the computing device, a first key of the key set and the encrypted data to a control party; and
disseminating, by the computing device, a second key of the key set to the relying party, whereby the relying party is permitted to submit a request to the control party, including the second key, and whereby the control party is permitted to decrypt the encrypted data disseminated to the control party, using the first and second keys, in order to respond to the request from the relying party.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for managing data across a network based on multiple keys assigned to different participants in association with the data. One exemplary method includes identifying, by an originating party, a relying party, identifying data relevant to at least one interaction between the originating party and the relying party, and encrypting the data based on a secret. The method also includes generating a key set based on the secret, where the key set has at least three keys and is structured such that the secret is derivable from at least two of the at least three keys, and disseminating a first key of the key set and the encrypted data to a control party and disseminating a second key of the key set to the relying party.
6 Citations
19 Claims
-
1. A computer-implemented method for use in managing data across a network based on multiple keys assigned to different participants in association with the data, the method comprising:
-
identifying, by an originating party, a relying party; identifying data relevant to at least one interaction between the originating party and the relying party, the data including identifying data specific to the originating party; encrypting, by a computing device, the data based on a secret; generating, by a computing device, a key set based on the secret, the key set having at least three keys and structured such that the secret is derivable from at least two of the at least three keys; disseminating, by the computing device, a first key of the key set and the encrypted data to a control party; and disseminating, by the computing device, a second key of the key set to the relying party, whereby the relying party is permitted to submit a request to the control party, including the second key, and whereby the control party is permitted to decrypt the encrypted data disseminated to the control party, using the first and second keys, in order to respond to the request from the relying party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for use in managing data across a network based on multiple keys assigned to different participants in association with the data, the system comprising an originating party computing device having a memory and a processor coupled to the memory, the processor configured, by executable instructions stored in the memory of the originating party computing device, to:
-
receive, from an originating party, an indication of a relying party in connection with an identification interaction of the originating party to the relying party; encrypt data based on a secret, the data including identifying data specific to the originating party; generate a key set based on the secret and store the key set in the memory, the key set having at least three keys and structured such that the secret is derivable from at least two of the at least three keys; generate a token associated with the originating party, the encrypted data and/or the key set; disseminate the token, a first key of the key set, and the encrypted data to a control party; and disseminate the token and a second key of the key set to the relying party, whereby the relying party is permitted to submit a request to the control party, including the token and the second key, and whereby the control party is permitted to identify the first key based on the token and decrypt the encrypted data disseminated to the control party, using the first and second keys, in order to respond to the request from the relying party. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A non-transitory computer-readable storage media including executable instructions for use in managing data across a network based on multiple keys assigned to different participants in association with the data, which, when executed by at least one processor, cause the at least one processor to:
-
identify a relying party; encrypt data based on a secret, the data including identifying data specific to the originating party; generate a key set based on the secret and a Shamir secret sharing algorithm, the key set having N keys and structured such that the secret is derivable from at least N−
1 of the N keys, where N is an integer greater than 2;disseminate a first key of the key set and the encrypted data to a control party; and disseminate a second key of the key set to the relying party, whereby the relying party is permitted to submit a request associated with the data to the control party, including the second key, and whereby the control party is permitted to decrypt the encrypted data disseminated to the control party, by use of the first and second keys, in order to decrypt the encrypted data and to respond to the request from the relying party. - View Dependent Claims (19)
-
Specification